Full Disclosure mailing list archives

Re: Most common keystroke loggers?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 03 Dec 2005 13:15:26 +1300

Lionel Ferette wrote:

Using crypto all the way from the web server to a smart-card (so all the
compromised system can see is encrypted data it can't get the key for) can
help yere.

Even then, you would need a card reader with integrated pinpad. Otherwise, the 
keylogger can still sniff the PIN code entry - and then generate any 
signature it wants by accessing the PC/SC layer directly (been there, done 
that).


I'm not entirely convinced of that.  _Some part_ of displaying the 
transactions and accepting/rejecting the transactions has to occur 
"securely" (off the compromised machine), but I don't think it 
necessarily has to be the stage you suggest...




Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Most common keystroke loggers?, (continued)
- - - Re: Most common keystroke loggers? Mike Jones (Dec 01)
    - Re: Most common keystroke loggers? deepquest (Dec 01)
    - RE: Most common keystroke loggers? Lyal Collins (Dec 01)
    - Re: Most common keystroke loggers? deepquest (Dec 01)
    - Re: Most common keystroke loggers? php0t (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? php0t (Dec 01)
    - RE: Most common keystroke loggers? Lyal Collins (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
  - Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
  - Re: Most common keystroke loggers? Dave Korn (Dec 01)
    - Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
    - Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
  - RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
  - Re: Most common keystroke loggers? Kyle Lutze (Dec 01)
    - Re: Most common keystroke loggers? Blue Boar (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? mz4ph0d (Dec 01)

(Thread continues...)